---
title: "FreeBSD 4.5-RELEASE Errata"
sidenav: download
---

++++


        <h3 class="CORPAUTHOR">The FreeBSD Project</h3>

        <p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002 by
        The FreeBSD Documentation Project</p>

        <p class="PUBDATE">$FreeBSD:
        src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
        1.1.2.66 2002/05/20 22:27:52 bmah Exp $<br>
        </p>
        <hr>
      </div>

      <blockquote class="ABSTRACT">
        <div class="ABSTRACT">
          <a name="AEN11"></a>

          <p>This document lists errata items for FreeBSD
          4.5-RELEASE, containing significant information
          discovered after the release. This information includes
          security advisories, as well as news relating to the
          software or documentation that could affect its operation
          or usability. An up-to-date version of this document
          should always be consulted before installing this version
          of FreeBSD.</p>

          <p>This errata document for FreeBSD 4.5-RELEASE will be
          maintained until the release of FreeBSD 4.6-RELEASE.</p>
        </div>
      </blockquote>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN14">1 Introduction</a></h1>

        <p>This errata document contains ``late-breaking news''
        about FreeBSD 4.5-RELEASE. Before installing this version,
        it is important to consult this document to learn about any
        post-release discoveries or problems that may already have
        been found and fixed.</p>

        <p>Any version of this errata document actually distributed
        with the release (for example, on a CDROM distribution)
        will be out of date by definition, but other copies are
        kept updated on the Internet and should be consulted as the
        ``current errata'' for this release. These other copies of
        the errata are located at <a href=
        "http://www.FreeBSD.org/releases/" target=
        "_top">http://www.FreeBSD.org/releases/</a>, plus any sites
        which keep up-to-date mirrors of this location.</p>

        <p>Source and binary snapshots of FreeBSD 4-STABLE also
        contain up-to-date copies of this document (as of the time
        of the snapshot).</p>

        <p>For a list of all FreeBSD CERT security advisories, see
        <a href="http://www.FreeBSD.org/security/" target=
        "_top">http://www.FreeBSD.org/security/</a> or <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/" target=
        "_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
      </div>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN25">2 Security
        Advisories</a></h1>

        <p>A race condition existed whereby a file could be removed
        between a <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=fstatfs&sektion=2&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">fstatfs</span>(2)</span></a> call and the
        point where the file is accessed, causing a kernel panic.
        Only the <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=procfs&sektion=5&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">procfs</span>(5)</span></a> filesystem was
        known to be vulnerable to this attack. This bug was fixed
        in FreeBSD 4.5-RELEASE, but the security advisory
        describing the bug was issued after the release. For more
        information, including a workaround and bug fix, see
        security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc"
         target="_top">FreeBSD-SA-02:09</a>.</p>

        <p>An ``off-by-one'' bug has been fixed in <b class=
        "APPLICATION">OpenSSH</b>'s multiplexing code. This bug
        could have allowed an authenticated remote user to cause <a
        href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">sshd</span>(8)</span></a> to execute
        arbitrary code with superuser privileges, or allowed a
        malicious SSH server to execute arbitrary code on the
        client system with the privileges of the client user.
        Various workarounds and bugfixes, for versions of <b class=
        "APPLICATION">OpenSSH</b> in both the base system and Ports
        Collection, can be found in security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
         target="_top">FreeBSD-SA-02:13</a>.</p>

        <p>A programming error in <b class="APPLICATION">zlib</b>
        could result in attempts to free memory multiple times. The
        <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=malloc&sektion=3&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">malloc</span>(3)</span></a>/<a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=free&sektion=3&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">free</span>(3)</span></a> routines used in
        FreeBSD are not vulnerable to this error, but applications
        receiving specially-crafted blocks of invalid compressed
        data could be made to function incorrectly or abort. This
        <b class="APPLICATION">zlib</b> bug has been fixed. For a
        workaround and solutions, see security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc"
         target="_top">FreeBSD-SA-02:18</a>.</p>

        <p>Bugs in the TCP SYN cache (``syncache'') and SYN cookie
        (``syncookie'') implementations, which could cause
        legitimate TCP/IP traffic to crash a machine, have been
        fixed. For a workaround and patches, see security advisory
        <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc"
         target="_top">FreeBSD-SA-02:20</a>.</p>

        <p>A routing table memory leak, which could allow a remote
        attacker to exhaust the memory of a target machine, has
        been fixed. A workaround and patches can be found in
        security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc"
         target="_top">FreeBSD-SA-02:21</a>.</p>

        <p>A bug with memory-mapped I/O, which could cause a system
        crash, has been fixed. For more information about a
        solution, see security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc"
         target="_top">FreeBSD-SA-02:22</a>.</p>

        <p>A security hole, in which SUID programs could be made to
        read from or write to inappropriate files through
        manipulation of their standard I/O file descriptors, has
        been fixed. Information regarding a solution can be found
        in security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
         target="_top">FreeBSD-SA-02:23</a>.</p>

        <p>Unlike <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=su&sektion=1&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">su</span>(1)</span></a>, <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">k5su</span>(8)</span></a> does not require
        that an invoking user be a member of the <tt class=
        "GROUPNAME">wheel</tt> group when attempting to become the
        superuser. This could result in some unexpected behavior.
        To avoid this situation, <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">k5su</span>(8)</span></a> is now installed
        non-SUID by default (effectively disabling it). More
        information can be found in security advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc"
         target="_top">FreeBSD-SA-02:24</a>.</p>

        <p>Multiple vulnerabilities were found in the <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=bzip2&sektion=1&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">bzip2</span>(1)</span></a> utility, which
        could allow files to be overwritten without warning or
        allow local users unintended access to files. These
        problems have been corrected with a new import of <b class=
        "APPLICATION">bzip2</b>. For more information, see security
        advisory <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
         target="_top">FreeBSD-SA-02:25</a>.</p>
      </div>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN81">3 System Update
        Information</a></h1>

        <p>Certain SSH clients, when attempting to connect to a
        FreeBSD 4.5-RELEASE server, will unexpectedly present an <b
        class="APPLICATION">S/Key</b> prompt, even if <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=sshd&sektion=8&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">sshd</span>(8)</span></a> on the server has
        not been later explicitly configured for <b class=
        "APPLICATION">S/Key</b> authentication. This is due to the
        default settings of clients having changed (e.g. use of SSH
        protocol version 2 where it was not used before), or from a
        change from the client's old default authentication
        sequence. There are a number of ways to disable this
        behavior:</p>

        <ul>
          <li>
            <p>On newer <b class="APPLICATION">OpenSSH</b> clients,
            add the following line to your <tt class=
            "FILENAME">~/.ssh/config</tt> file:</p>
<pre class="PROGRAMLISTING">
    PreferredAuthentications publickey,password,keyboard-interactive
</pre>
            <br>
            <br>
          </li>

          <li>
            <p>For <b class="APPLICATION">PuTTY</b> clients, the
            authentication sequence order cannot be changed, but
            keyboard-interactive authentication can be disabled in
            the settings.</p>
          </li>

          <li>
            <p>To disable keyboard-interactive authentication in
            the server, uncomment the following line in the <tt
            class="FILENAME">/etc/ssh/sshd_config</tt> file (on the
            server host):</p>
<pre class="PROGRAMLISTING">
    ChallengeResponseAuthentication no
</pre>
            <br>
            <br>
          </li>
        </ul>
        This problem has been corrected in FreeBSD 4.6-RC. <br>
        <br>

        <p>The release notes mentioned the new sbni device driver,
        but gave an incorrect reference to the program in the
        FreeBSD Ports Collection used to configure the driver. The
        correct filename for the port is <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/sysutils/sbniconfig/pkg-descr">
        <tt class="FILENAME">sysutils/sbniconfig</tt></a>.</p>

        <p>Linux emulation now requires <tt class="LITERAL">options
        SYSVSEM</tt> in the kernel configuration. This dependency
        was introduced into FreeBSD before 4.5-RELEASE.</p>

        <p>Packages containing some optional components of <b
        class="APPLICATION">KDE</b> were accidentally omitted from
        the ISO images (and hence the official 4-CD set). In prior
        releases, these packages could be installed using the <a
        href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kde2/pkg-descr">
        <tt class="FILENAME">x11/kde2</tt></a> package. These
        components can either be installed using the FreeBSD Ports
        Collection or by downloading the binary packages from one
        of the FreeBSD FTP servers. The affected ports are: <a
        href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/games/kdegames2/pkg-descr">
        <tt class="FILENAME">games/kdegames2</tt></a>, <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/misc/kdeutils2/pkg-descr">
        <tt class="FILENAME">misc/kdeutils2</tt></a>, <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/editors/koffice/pkg-descr">
        <tt class="FILENAME">editors/koffice</tt></a>, <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/net/kdenetwork2/pkg-descr">
        <tt class="FILENAME">net/kdenetwork2</tt></a>, <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/graphics/kdegraphics2/pkg-descr">
        <tt class="FILENAME">graphics/kdegraphics2</tt></a>, and <a
        href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/audio/kdemultimedia2/pkg-descr">
        <tt class="FILENAME">audio/kdemultimedia2</tt></a>. Note
        that the <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kdelibs2/pkg-descr">
        <tt class="FILENAME">x11/kdelibs2</tt></a> and <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/x11/kdebase2/pkg-descr">
        <tt class="FILENAME">x11/kdebase2</tt></a> packages, which
        are frequently required by these other components, <span
        class="emphasis"><i class="EMPHASIS">are</i></span>
        included on disk 1 of the official 4-CD set. <a name=
        "AEN118" href="#FTN.AEN118">[1]</a></p>

        <p>A binary package containing <b class=
        "APPLICATION">Samba</b> was accidentally omitted from the
        ISO images. This software can either be installed using the
        <a href=
        "http://www.FreeBSD.org/cgi/url.cgi?ports/net/samba/pkg-descr">
        <tt class="FILENAME">net/samba</tt></a> port in the FreeBSD
        Ports Collection or by downloading and installing its
        binary package from one of the FreeBSD FTP servers.</p>

        <p>A bug has been fixed in soft updates that can cause
        occasional filesystem corruption if the system is shut down
        immediately after performing heavy filesystem activities,
        such as installing a new kernel or other software. The
        system shutdown was unable to flush all buffers on shutdown
        and would report this fact. The problem can be worked
        around by running <a href=
        "http://www.FreeBSD.org/cgi/man.cgi?query=sync&sektion=8&manpath=FreeBSD+4.5-stable">
        <span class="CITEREFENTRY"><span class=
        "REFENTRYTITLE">sync</span>(8)</span></a> a few times
        before rebooting, or solved by updating to a recent FreeBSD
        4.6-RC snapshot.</p>

        <p>The ciss driver was inadvertently omitted from the
        FreeBSD 4.5-RELEASE <tt class="FILENAME">GENERIC</tt>
        kernel, thus making it impossible (or at least very
        difficult) to perform an initial install to disks attached
        to this controller. This problem has been corrected in
        FreeBSD 4.6-RC.</p>
      </div>
    </div>

    <h3 class="FOOTNOTES">Notes</h3>

    <table border="0" class="FOOTNOTES" width="100%">
      <tr>
        <td align="LEFT" valign="TOP" width="5%"><a name=
        "FTN.AEN118" href="#AEN118">[1]</a></td>

        <td align="LEFT" valign="TOP" width="95%">
          <p>The complete FreeBSD package collection currently
          fills nine CDROMs. The official 4-CD set therefore only
          contains a subset of the available packages. Several
          FreeBSD vendors offer distributions that contain a more
          complete set of packages; a more complete collection can
          also be found on the FreeBSD FTP sites.</p>
        </td>
      </tr>
    </table>
    <hr>

    <p align="center"><small>This file, and other release-related
    documents, can be downloaded from <a href=
    "ftp://releng4.FreeBSD.org/pub/FreeBSD/">ftp://releng4.FreeBSD.org/pub/FreeBSD/</a>.</small></p>

    <p align="center"><small>For questions about FreeBSD, read the
    <a href="http://www.FreeBSD.org/docs.html">documentation</a>
    before contacting &#60;<a href=
    "mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>

    <p align="center"><small><small>All users of FreeBSD 4-STABLE
    should subscribe to the &#60;<a href=
    "mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62; mailing
    list.</small></small></p>

    <p align="center">For questions about this documentation,
    e-mail &#60;<a href=
    "mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>
    <br>
    <br>
++++


